{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33853", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-03-24T05:55:55.342Z", "datePublished": "2026-03-24T05:56:33.223Z", "dateUpdated": "2026-03-24T14:15:25.078Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T05:56:33.223Z"}, "title": "NULL Pointer Dereference in MolotovCherry Android-ImageMagick7", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "type": "CWE"}]}], "affected": [{"vendor": "MolotovCherry", "product": "Android-ImageMagick7", "collectionURL": "https://github.com/MolotovCherry/Android-ImageMagick7", "versions": [{"status": "affected", "version": "0", "lessThan": "7.1.2-10", "versionType": "git"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "NULL Pointer Dereference vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-10.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "NULL Pointer Dereference vulnerability in MolotovCherry Android-ImageMagick7.<p>This issue affects Android-ImageMagick7: before 7.1.2-10.</p>"}]}], "references": [{"url": "https://github.com/MolotovCherry/Android-ImageMagick7/pull/183", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}}], "credits": [{"lang": "en", "value": "TITAN Team (titancaproject@gmail.com)", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T14:15:18.263309Z", "id": "CVE-2026-33853", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:15:25.078Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33853", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T14:15:18.263309Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:15:21.445Z"}}], "cna": {"title": "NULL Pointer Dereference in MolotovCherry Android-ImageMagick7", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "MolotovCherry", "product": "Android-ImageMagick7", "versions": [{"status": "affected", "version": "0", "lessThan": "7.1.2-10", "versionType": "git"}], "collectionURL": "https://github.com/MolotovCherry/Android-ImageMagick7", "defaultStatus": "affected"}], "references": [{"url": "https://github.com/MolotovCherry/Android-ImageMagick7/pull/183", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "NULL Pointer Dereference vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-10.", "supportingMedia": [{"type": "text/html", "value": "NULL Pointer Dereference vulnerability in MolotovCherry Android-ImageMagick7.<p>This issue affects Android-ImageMagick7: before 7.1.2-10.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T05:56:33.223Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33853", "state": "PUBLISHED", "dateUpdated": "2026-03-24T14:15:25.078Z", "dateReserved": "2026-03-24T05:55:55.342Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-03-24T05:56:33.223Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "NULL Pointer Dereference vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-10."}], "id": "CVE-2026-33853", "lastModified": "2026-03-24T15:53:48.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-03-24T06:16:22.517", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/MolotovCherry/Android-ImageMagick7/pull/183"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,7.1.2-10)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Android-ImageMagick7", "source": "cna", "vendor": "MolotovCherry"}, "product": "android-imagemagick7", "vendor": "molotovcherry"}], "analysis": {"en": {"generated_at": "2026-03-24T07:22:16.905820+00:00", "value": {"mitigation_remediation": ["Upgrade to Android-ImageMagick7 version 7.1.2\u201110 or later."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Android-ImageMagick7 project from MolotovCherry. Versions before 7.1.2\u201110 are impacted, including any 7.x build prior to that exact release.", "description_and_impact": "A NULL pointer dereference exists in the Android-ImageMagick7 repo, allowing an attacker to trigger a crash by causing the program to attempt to read or write a memory location through a null reference. The worst\u2011case result is a denial of service that may affect applications depending on ImageMagick. No code execution or privilege escalation is indicated in the description.", "risk_and_exploitability": "With a CVSS score of 5.5 the severity is moderate. Exploit probability data is not available and the vulnerability is not listed in the CISA KEV catalog, indicating limited known exploitation. Because the description does not detail an external trigger, the attack vector likely requires local or privileged access to the vulnerable binaries, and no remote exploitation path is supplied."}}}}, "created": "2026-03-24T10:28:51.302297+00:00", "updated": "2026-03-25T20:39:55.790995+00:00", "vendors": ["molotovcherry", "molotovcherry$PRODUCT$android-imagemagick7"]}